annotate modules/firewall/CHANGELOG.md @ 174:1457b5365c79 puppet-3.6

Add extra headers for improved security practice
author IBBoard <dev@ibboard.co.uk>
date Sat, 03 Mar 2018 14:20:06 +0000
parents d6f2a0ee45c0
children d9352a684e62
rev   line source
39
d6f2a0ee45c0 Add "Firewall" module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
##2015-05-19 - Supported Release 1.6.0
###Summary

This release includes support for TEE, MSS, the time ipt module, Debian 8 support, and a number of test fixes and other improvements.

####Features
- Add TEE support
- Add MSS support (including clamp-mss-to-pmtu support)
- Add support for the time ipt module (-m time)
- Add support for Debian 8
- Add support for ICMPv6 types 'neighbour-{solicitation,advertisement}'
- Add support for ICMPv6 type 'too-big'
- Add support for new 'match_mark' property
- Added 'ipv4' and 'ipv6' options to 'proto' property

####Bugfixes
- Fix for Systemd-based OSes where systemd needs to be restarted before being able to pick up new services (MODULES-1984)
- Arch Linux package management fix

##2015-03-31 - Supported Release 1.5.0
###Summary

This release includes physdev_is_bridged support, checksum_fill support, basic Gentoo compatibility, and a number of test fixes and improvements.

####Features
- Add `physdev_is_bridged` support
- Add `checksum_fill` support
- Add basic Gentoo compatibility (unsupported)

####Bugfixes
- Implementation for resource map munging to allow a single ipt module to be used multiple times in a single rule on older versions of iptables (MODULES-1808)
- Test fixes

##2015-01-27 - Supported Release 1.4.0
###Summary

This release includes physdev support, the ability to look up usernames from uuid, and a number of bugfixes.

####Features
- Add `netmap` feature
- Add `physdev` support
- Add ability to look up username from uuid (MODULES-753, MODULES-1688)

####Bugfixes
- Sync iptables/ip6tables providers (MODULES-1612)
- Fix package names for Amazon and Ubuntu 14.10 (MODULES-1029)
- Fix overly aggressive gsub when `ensure => absent` (MODULES-1453)
- Unable to parse `-m (tcp|udp)` rules (MODULES-1552)
- Fix ip6tables provider when `iptables-ipv6` package isn't installed for EL6 (MODULES-633)
- Test fixes

##2014-12-16 - Supported Release 1.3.0
###Summary

This release includes a number of bugfixes and features, including fixing `tcp_flags` support, and added support for interface aliases, negation for iniface and outiface, and extra configurability for packages and service names.

####Features
- Add support for interface aliases (eth0:0) (MODULES-1469)
- Add negation for iniface, outiface (MODULES-1470)
- Make package and service names configurable (MODULES-1309)

####Bugfixes
- Fix test regexes for EL5 (MODULES-1565)
- Fix `tcp_flags` support for ip6tables (MODULES-556)
- Don't arbitrarily limit `set_mark` for certain chains

##2014-11-04 - Supported Release 1.2.0
###Summary

This release has a number of new features and bugfixes, including rule inversion, future parser support, improved EL7 support, and the ability to purge ip6tables rules.

####Features
- Documentation updates!
- Test updates!
- Add ipset support
- Enable rule inversion
- Future parser support
- Improved support for EL7
- Support netfilter-persistent
- Add support for statistics module
- Add support for mac address source rules
- Add cbt protocol

####Bugfixes
- Incorrect use of `source => :iptables` in the ip6tables provider was making it impossible to purge ip6tables rules (MODULES-41)
- Don't require `toports` when `jump => 'REDIRECT'` (MODULES-1086)
- Don't limit which chains iniface and outiface parameters can be used in
- Don't fail on rules added with ipsec/strongswan (MODULES-796)

##2014-07-08 - Supported Release 1.1.3
###Summary
This is a supported release with test coverage enhancements.

####Bugfixes
- Confine to supported kernels

##2014-06-04 - Release 1.1.2
###Summary

This is a release of the code previously released as 1.1.1, with updated metadata.

## 2014-05-16 Release 1.1.1
###Summary

This release reverts the alphabetical ordering of 1.1.0. We found this caused
a regression in the OpenStack modules so in the interest of safety we have
removed this for now.

## 2014-05-13 Release 1.1.0
###Summary

This release has a significant change from previous releases; we now apply the
firewall resources alphabetically by default, removing the need to create pre
and post classes just to enforce ordering. It only affects default ordering
and further information can be found in the README about this. Please test
this in development before rolling into production out of an abundance of
caution.

We've also added `mask` which is required for --recent in recent (no pun
intended) versions of iptables, as well as connlimit and connmark. This
release has been validated against Ubuntu 14.04 and RHEL7 and should be fully
working on those platforms.

####Features

- Apply firewall resources alphabetically.
- Add support for connlimit and connmark.
- Add `mask` as a parameter. (Used exclusively with the recent parameter).

####Bugfixes

- Add systemd support for RHEL7.
- Replace &&'s with the correct and in manifests.
- Fix tests on Trusty and RHEL7
- Fix for Fedora Rawhide.
- Fix boolean flag tests.
- Fix DNAT->SNAT typo in an error message.

####Known Bugs

* For Oracle, the `owner` and `socket` parameters require a workaround to function. Please see the Limitations section of the README.


## 2014-03-04 Supported Release 1.0.2
###Summary

This is a supported release. This release removes a testing symlink that can
cause trouble on systems where /var is on a separate filesystem from the
modulepath.

####Features
####Bugfixes
####Known Bugs

* For Oracle, the `owner` and `socket` parameters require a workaround to function. Please see the Limitations section of the README.

### Supported release - 2014-03-04 1.0.1

####Summary

An important bugfix was made to the offset calculation for unmanaged rules
to handle rules with 9000+ in the name.

####Features

####Bugfixes
- Offset calculations assumed unmanaged rules were numbered 9000+.
- Gracefully fail to manage ip6tables on iptables 1.3.x

####Known Bugs

* For Oracle, the `owner` and `socket` parameters require a workaround to function. Please see the Limitations section of the README.

---
### 1.0.0 - 2014-02-11

No changes, just renumbering to 1.0.0.

---
### 0.5.0 - 2014-02-10

##### Summary:
This is a bigger release that brings in "recent" connection limiting (think
"port knocking"), firewall chain purging on a per-chain/per-table basis, and
support for a few other use cases. This release also fixes a major bug which
could cause modifications to the wrong rules when unmanaged rules are present.

##### New Features:
* Add "recent" limiting via parameters `rdest`, `reap`, `recent`, `rhitcount`,
  `rname`, `rseconds`, `rsource`, and `rttl`
* Add negation support for source and destination
* Add per-chain/table purging support to `firewallchain`
* IPv4 specific
  * Add random port forwarding support
  * Add ipsec policy matching via `ipsec_dir` and `ipsec_policy`
* IPv6 specific
  * Add support for hop limiting via `hop_limit` parameter
  * Add fragmentation matchers via `ishasmorefrags`, `islastfrag`, and `isfirstfrag`
  * Add support for conntrack stateful firewall matching via `ctstate`

##### Bugfixes:
- Boolean fixups allowing false values
- Better detection of unmanaged rules
- Fix multiport rule detection
- Fix sport/dport rule detection
- Make INPUT, OUTPUT, and FORWARD not autorequired for firewall chain filter
- Allow INPUT with the nat table
- Fix `src_range` & `dst_range` order detection
- Documentation clarifications
- Fixes to spec tests

---------------------------------------

### 0.4.2 - 2013-09-10

Another attempt to fix the packaging issue. We think we understand exactly
what is failing and this should work properly for the first time.

---------------------------------------

### 0.4.1 - 2013-08-09

Bugfix release to fix a packaging issue that may have caused puppet module
install commands to fail.

---------------------------------------

### 0.4.0 - 2013-07-11

This release adds support for address type, src/dest ip ranges, and adds
additional testing and bugfixes.

#### Features
* Add `src_type` and `dst_type` attributes (Nick Stenning)
* Add `src_range` and `dst_range` attributes (Lei Zhang)
* Add SL and SLC operatingsystems as supported (Steve Traylen)

#### Bugfixes
* Fix parser for bursts other than 5 (Chris Rutter)
* Fix parser for -f in --comment (Georg Koester)
* Add doc headers to class files (Dan Carley)
* Fix lint warnings/errors (Wolf Noble)

---------------------------------------

246 ### 0.3.1 - 2013/6/10
d6f2a0ee45c0 Add "Firewall" module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
247
d6f2a0ee45c0 Add "Firewall" module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
248 This minor release provides some bugfixes and additional tests.
d6f2a0ee45c0 Add "Firewall" module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
249
d6f2a0ee45c0 Add "Firewall" module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
250 #### Changes
d6f2a0ee45c0 Add "Firewall" module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
251
d6f2a0ee45c0 Add "Firewall" module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
252 * Update tests for rspec-system-puppet 2 (Ken Barber)
d6f2a0ee45c0 Add "Firewall" module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
253 * Update rspec-system tests for rspec-system-puppet 1.5 (Ken Barber)
d6f2a0ee45c0 Add "Firewall" module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
254 * Ensure all services have 'hasstatus => true' for Puppet 2.6 (Ken Barber)
d6f2a0ee45c0 Add "Firewall" module
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
255 * Accept pre-existing rule with invalid name (Joe Julian)
256 * Swap log_prefix and log_level order to match the way it's saved (Ken Barber)
257 * Fix log test to replicate bug #182 (Ken Barber)
258 * Split arguments while maintaining quoted strings (Joe Julian)
259 * Add more log param tests (Ken Barber)
260 * Add extra tests for logging parameters (Ken Barber)
261 * Clarify OS support (Ken Barber)
262
263 ---------------------------------------
264
265 ### 0.3.0 - 2013/4/25
266
267 This release introduces support for Arch Linux and extends support for Fedora 15 and up. There are also lots of bugs fixed and improved testing to prevent regressions.
268
269 ##### Changes
270
271 * Fix error reporting for insane hostnames (Tomas Doran)
272 * Support systemd on Fedora 15 and up (Eduardo Gutierrez)
273 * Move examples to docs (Ken Barber)
274 * Add support for Arch Linux platform (Ingmar Steen)
275 * Add match rule for fragments (Georg Koester)
276 * Fix boolean rules being recognized as changed (Georg Koester)
277 * Same rules now get deleted (Anastasis Andronidis)
278 * Socket params test (Ken Barber)
279 * Ensure parameter can disable firewall (Marc Tardif)
280
281 ---------------------------------------
282
283 ### 0.2.1 - 2012/3/13
284
285 This maintenance release introduces the new README layout, and fixes a bug with iptables_persistent_version.
286
287 ##### Changes
288
289 * (GH-139) Throw away STDERR from dpkg-query in Fact
290 * Update README to be consistent with module documentation template
291 * Fix failing spec tests due to dpkg change in iptables_persistent_version
292
293 ---------------------------------------
294
295 ### 0.2.0 - 2012/3/3
296
297 This release introduces automatic persistence, removing the need for the previous manual dependency requirement for persisting the running rules to the OS persistence file.
298
299 Previously you would have required the following in your site.pp (or some other global location):
300
301     # Always persist firewall rules
302     exec { 'persist-firewall':
303       command     => $operatingsystem ? {
304         'debian'          => '/sbin/iptables-save > /etc/iptables/rules.v4',
305         /(RedHat|CentOS)/ => '/sbin/iptables-save > /etc/sysconfig/iptables',
306       },
307       refreshonly => true,
308     }
309     Firewall {
310       notify  => Exec['persist-firewall'],
311       before  => Class['my_fw::post'],
312       require => Class['my_fw::pre'],
313     }
314     Firewallchain {
315       notify => Exec['persist-firewall'],
316     }
317     resources { "firewall":
318       purge => true
319     }
320
321 You only need:
322
323     class { 'firewall': }
324     Firewall {
325       before  => Class['my_fw::post'],
326       require => Class['my_fw::pre'],
327     }
328
329 This installs the pre-requisites and creates dependencies on your pre & post rules. Consult the README for more information.
330
331 ##### Changes
332
333 * Firewall class manifests (Dan Carley)
334 * Firewall and firewallchain persistence (Dan Carley)
335 * (GH-134) Autorequire iptables related packages (Dan Carley)
336 * Typo in #persist_iptables OS normalisation (Dan Carley)
337 * Tests for #persist_iptables (Dan Carley)
338 * (GH-129) Replace errant return in autoreq block (Dan Carley)
339
340 ---------------------------------------
341
342 ### 0.1.1 - 2012/2/28
343
344 This release primarily fixes changing parameters in 3.x
345
346 ##### Changes
347
348 * (GH-128) Change method_missing usage to define_method for 3.x compatibility
349 * Update travis.yml gem specifications to actually test 2.6
350 * Change source in Gemfile to use a specific URL for Ruby 2.0.0 compatibility
351
352 ---------------------------------------
353
354 ### 0.1.0 - 2012/2/24
355
356 This release is somewhat belated, so no summary as there are far too many changes this time around. Hopefully we won't fall this far behind again :-).
357
358 ##### Changes
359
360 * Add support for MARK target and set-mark property (Johan Huysmans)
361 * Fix broken call to super for ruby-1.9.2 in munge (Ken Barber)
362 * simple fix of the error message for allowed values of the jump property (Daniel Black)
363 * Adding OSPF(v3) protocol to puppetlabs-firewall (Arnoud Vermeer)
364 * Display multi-value: port, sport, dport and state command separated (Daniel Black)
365 * Require jump=>LOG for log params (Daniel Black)
366 * Reject and document icmp => "any" (Dan Carley)
367 * add firewallchain type and iptables_chain provider (Daniel Black)
368 * Various fixes for firewallchain resource (Ken Barber)
369 * Modify firewallchain name to be chain:table:protocol (Ken Barber)
370 * Fix allvalidchain iteration (Ken Barber)
371 * Firewall autorequire Firewallchains (Dan Carley)
372 * Tests and docstring for chain autorequire (Dan Carley)
373 * Fix README so setup instructions actually work (Ken Barber)
374 * Support vlan interfaces (interface containing ".") (Johan Huysmans)
375 * Add tests for VLAN support for iniface/outiface (Ken Barber)
376 * Add the table when deleting rules (Johan Huysmans)
377 * Fix tests since we are now prefixing -t)
378 * Changed 'jump' to 'action', commands to lower case (Jason Short)
379 * Support interface names containing "+" (Simon Deziel)
380 * Fix for when iptables-save spews out "FATAL" errors (Sharif Nassar)
381 * Fix for incorrect limit command arguments for ip6tables provider (Michael Hsu)
382 * Document Util::Firewall.host_to_ip (Dan Carley)
383 * Nullify addresses with zero prefixlen (Dan Carley)
384 * Add support for --tcp-flags (Thomas Vander Stichele)
385 * Make tcp_flags support a feature (Ken Barber)
386 * OUTPUT is a valid chain for the mangle table (Adam Gibbins)
387 * Enable travis-ci support (Ken Barber)
388 * Convert an existing test to CIDR (Dan Carley)
389 * Normalise iptables-save to CIDR (Dan Carley)
390 * be clearer about what distributions we support (Ken Barber)
391 * add gre protocol to list of acceptable protocols (Jason Hancock)
392 * Added pkttype property (Ashley Penney)
393 * Fix mark to not repeat rules with iptables 1.4.1+ (Sharif Nassar)
394 * Stub iptables_version for now so tests run on non-Linux hosts (Ken Barber)
395 * Stub iptables facts for set_mark tests (Dan Carley)
396 * Update formatting of README to meet Puppet Labs best practices (Will Hopper)
397 * Support for ICMP6 type code resolutions (Dan Carley)
398 * Insert order hash included chains from different tables (Ken Barber)
399 * rspec 2.11 compatibility (Jonathan Boyett)
400 * Add missing class declaration in README (sfozz)
401 * array_matching is contraindicated (Sharif Nassar)
402 * Convert port Fixnum into strings (Sharif Nassar)
403 * Update test framework to the modern age (Ken Barber)
404 * working with ip6tables support (wuwx)
405 * Remove gemfile.lock and add to gitignore (William Van Hevelingen)
406 * Update travis and gemfile to be like stdlib travis files (William Van Hevelingen)
407 * Add support for -m socket option (Ken Barber)
408 * Add support for single --sport and --dport parsing (Ken Barber)
409 * Fix tests for Ruby 1.9.3 from 3e13bf3 (Dan Carley)
410 * Mock Resolv.getaddress in #host_to_ip (Dan Carley)
411 * Update docs for source and dest - they are not arrays (Ken Barber)
412
413 ---------------------------------------
414
415 ### 0.0.4 - 2011/12/05
416
417 This release adds two new parameters, 'uid' and 'gid'. As a part of the owner module, these params allow you to specify a uid, username, gid, or group for a match:
418
419     firewall { '497 match uid':
420       port   => '123',
421       proto  => 'mangle',
422       chain  => 'OUTPUT',
423       action => 'drop',
424       uid    => '123'
425     }
426
427 This release also adds value munging for the 'log_level', 'source', and 'destination' parameters. The 'source' and 'destination' now support hostnames:
428
429     firewall { '498 accept from puppetlabs.com':
430       port   => '123',
431       proto  => 'tcp',
432       source => 'puppetlabs.com',
433       action => 'accept'
434     }
435
436
437 The 'log_level' parameter now supports using log level names, such as 'warn', 'debug', and 'panic':
438
439     firewall { '499 logging':
440       port      => '123',
441       proto     => 'udp',
442       log_level => 'debug',
443       action    => 'drop'
444     }
445
446 Additional changes include iptables and ip6tables version facts, general whitespace cleanup, and adding additional unit tests.
447
448 ##### Changes
449
450 * (#10957) add iptables_version and ip6tables_version facts
451 * (#11093) Improve log_level property so it converts names to numbers
452 * (#10723) Munge hostnames and IPs to IPs with CIDR
453 * (#10718) Add owner-match support
454 * (#10997) Add fixtures for ipencap
455 * (#11034) Whitespace cleanup
456 * (#10690) add port property support to ip6tables
457
458 ---------------------------------------
459
460 ### 0.0.3 - 2011/11/12
461
462 This release introduces a new parameter 'port' which allows you to set both
463 source and destination ports for a match:
464
465     firewall { "500 allow NTP requests":
466       port   => "123",
467       proto  => "udp",
468       action => "accept",
469     }
470
471 We also have the limit parameter finally working:
472
473     firewall { "500 limit HTTP requests":
474       dport  => 80,
475       proto  => tcp,
476       limit  => "60/sec",
477       burst  => 30,
478       action => accept,
479     }
480
481 State ordering has been fixed now, and more characters are allowed in the
482 namevar:
483
484 * Alphabetical
485 * Numbers
486 * Punctuation
487 * Whitespace
488
489 ##### Changes
490
491 * (#10693) Ensure -m limit is added for iptables when using 'limit' param
492 * (#10690) Create new port property
493 * (#10700) allow additional characters in comment string
494 * (#9082) Sort iptables --state option values internally to keep it consistent across runs
495 * (#10324) Remove extraneous whitespace from iptables rule line in spec tests
496
497 ---------------------------------------
498
499 ### 0.0.2 - 2011/10/26
500
501 This is largely a maintenance and cleanup release, but includes the ability to
502 specify ranges of ports in the sport/dport parameter:
503
504     firewall { "500 allow port range":
505       dport  => ["3000-3030","5000-5050"],
506       sport  => ["1024-65535"],
507       action => "accept",
508     }
509
510 ##### Changes
511
512 * (#10295) Work around bug #4248 whereby the puppet/util paths are not being loaded correctly on the puppetmaster
513 * (#10002) Change to dport and sport to handle ranges, and fix handling of name to name to port
514 * (#10263) Fix tests on Puppet 2.6.x
515 * (#10163) Clean up some of the inline documentation and README file to align with general forge usage
516
517 ---------------------------------------
518
519 ### 0.0.1 - 2011/10/18
520
521 Initial release.
522
523 ##### Changes
524
525 * (#9362) Create action property and perform transformation for accept, drop, reject value for iptables jump parameter
526 * (#10088) Provide a customised version of CONTRIBUTING.md
527 * (#10026) Re-arrange provider and type spec files to align with Puppet
528 * (#10026) Add aliases for test,specs,tests to Rakefile and provide -T as default
529 * (#9439) fix parsing and deleting existing rules
530 * (#9583) Fix provider detection for gentoo and unsupported linuxes for the iptables provider
531 * (#9576) Stub provider so it works properly outside of Linux
532 * (#9576) Align spec framework with Puppet core
533 * and lots of other earlier development tasks ...